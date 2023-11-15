Trying to steal the show from Intel...I guess.
More info on the CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20592
https://nvd.nist.gov/vuln/detail/CVE-2023-20592
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html
https://www.techpowerup.com/315776/...p-vulnerability-patches-are-already-availableResearchers at Graz University of Technology and the Helmholtz Center for Information Security have released their paper on CacheWarp—the latest vulnerability affecting some of the prior generation AMD EPYC CPUs. Titled CVE-2023-20592, the exploit targets first-generation EPYC Naples, second-generation EPYC Rome, and third-generation EPYC Milan. CacheWarp operates by exploiting a vulnerability in AMD's Secure Encrypted Virtualization (SEV) technology, specifically targeting the SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) versions. The attack is a software-based fault injection technique that manipulates the cache memory of a virtual machine (VM) running under SEV. It cleverly forces modified cache lines of the guest VM to revert to their previous state. This action circumvents the integrity checks that SEV-SNP is designed to enforce, allowing the attacker to inject faults without being detected.
